Question No: 221

You have been using pre-shared keys for IKE authentication on your VPN. Your network has grown rapidly, and now you need to create VPNs with numerous IPsec peers. How can you enable scaling to numerous IPsec peers?

Migrate to external CA-based digital certificate authentication.

Migrate to a load-balancing server.

Migrate to a shared license server.

Migrate from IPsec to SSL VPN client extended authentication.

Answer: A

Question No: 222

Refer to the exhibit. In this tunnel mode GRE multipoint example, which command on the hub router distinguishes one spoken form the other?

no ip route

ip nhrp map

ip frame-relay

tunnel mode gre multipoint

Answer: D

Question No: 223

Which interface is managed by the VPN Access Interface field in the Cisco ASDM IPsec Site-to-Site VPN Wizard?

the local interface named quot;VPN_accessquot;

the local interface configured with crypto enable

the local interface from which traffic originates

the remote interface with security level 0

Answer: B

Question No: 224

The following configuration steps have been completeD.

WebVPN was enabled on the ASA outside interface.

SSL VPN client software was loaded to the ASA.

A DHCP scope was configured and applied to a WebVPN Tunnel Group.

What additional step is required if the client software fails to load when connecting to the ASA SSL page?

The SSL client must be loaded to the client by an ASA administrator

The SSL client must be downloaded to the client via FTP

The SSL VPN client must be enabled on the ASA after loading

The SSL client must be enabled on the client machine before loading

Answer: C

Question No: 225

Refer to the exhibit.

When the user quot;contractorquot; Cisco AnyConnect tunnel is established, what type of Cisco ASA user restrictions are applied to the tunnel?